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WHAT IS CLAIMED IS: 



1 A method for preserving layer 2 address information or 

2 information replacing a layer 2 address of a client device 

3 which sourced a virtT\al private network packet, the method 

4 comprising: 

5 a) determinVing a new layer 3 destination address 

6 based on at least a portion of a layer 3 

7 destination akdress of the virtual private 

8 network packetV and 

9 b) encapsulatikig the virtual private network 

10 packet with a lawyer 3 source address, the new 

11 layer 3 destination address determined, a layer 2 

12 source address ana a layer 2 destination address. 

1 2 . The method of claim 1 whetrein the layer 3 source 

2 address corresponds to the lai\er 3 address of an ingress 

3 access router. 

1 ° 3 , The method of claim 1 whereiA the new layer 3 

2 destination address determined corresponds to the layer 3 

3 address of an egress access routei 



A method for forwarding a virtual private network 
packet in which layer 2 address information or information 
replacing a layer 2 address of a device has been preserved, 
in which layer 3 destination address ilnformation has been 
preserved and which includes a second layer 3 destination 
address which corresponds to an egress i^ccess router, the 
method comprising: 



68 



Bell-30 



8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 




a) de-encapWulating the virtual private network 
packet by renfoving the second layer 3 destination 
address ; 

b) determining a new destination layer 2 address 
based on (i) a\. least a portion of the preserved 
layer 3 destinaV:ion address information, and (ii) 
at least a portiipn of the layer 2 address 
information or th^p information replacing the 
layer 2 address ofi the device; and 

c) replacing a destination layer 2 address with 
the new destinationX layer 2 address determined. 
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y6. A machine readanle storage means having stored thereon 
a packet sourced from a client device which defined a layer 
3 destination addressXfor the packet and which includes a 
layer 2 source address\and a layer 3 source address, the 
packet comprising : 

a) a first field f\)r storing data; 

b) a second field fpr storing the layer 3 destination 
address defined by source deyice; 



c) a third field fi)r 
destination address 




new layer 3 



6. The machine readable \ptoirage means of claim 5 wherein 
the new layer 3 destinaticWaddress stored in the third 
field corresponds to a layer 3 a>^dress of an egress access 
router. 



1 7 . The machine readable storage means of claim 5 wherein 

2 the new layer 3 destination address scored in the third 

3 field is based on at least a portion the layer 3 

4 destination address defined by the souAce device. 
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1 8 . The machine reaifiable storage means of claim 5 wherein 

2 the packet further domprises; 

3 d) a fourth field for storing a bit string associated 

4 with a port with\ which the client device sourcing the 

5 packet is associaV:ed. 
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9. The machine readable storage means of claim 8 wherein 
the new layer 3 destination address stored in the third 
field is based on at leaat a portion of the layer 3 
destination address def ineu^TbyXthe client;/ device sourcing 
the packet and at least ^ort/4^n of thj^ bit string stored 
in the fourth field. 
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10. The machine readabl 
least a portion of the 
fourth field represents d 
client device sourcing the 



age means of claim 8 wherein 
bit string stored^ in the 
or\more services for which the 
pack)pt is authorized. 



1 11. The machine readable storage means of claim 8 wherein 

2 least a portion of the unique bit\ string stored^ in the 

3 fourth field represents a multicast group to which the 

4 client device sourcing the packet helongs . 

1 12. The machine readable storage means of claim 8 wherein 

2 least a portion of the unique bit strLig stored in the 

3 fourth field represents a service level with which the 

4 client device sourcing the packet is subscribed. 



1 13 . The machine readable storage means c\f claim 8 wherein 

2 least a portion of the unique bit string ^tored in the 
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3 fourth field represents a location of a logical ingress 

4 port . \ 

1 14. The machine ri^^dM)le stprage means of claim 8 wherein 

2 least a portion cjf tm^Miffique bit string stored in the 

3 fourth field corresponds to a VPN-OUI. 

1 15. The machine readable storage means of claim 8 wherein 

2 least a portion of the mnique bit string stored in the 

3 fourth field correspondsX to a VPN- INDEX. 

1 ^1^. An apparatus forVouting virtual private network 

2 packets, each of the packets including layer 2 address 

3 information or information replacing a layer 2 address of a 

4 client device which sourceci a virtual private network 

5 packet, the apparatus compr^ing: 

6 a) a table including a \ayer 3 destination address of 

7 the virtual private netwo^ packet and an associated 

8 layer 3 address of an egres^ access router; 

9 b) means for determining a new layer 3 destination 

10 address based on the contents Vf the table; and 

11 c) means for encapsulating theNvirtual private 

12 network packet with the new layeAs destination 

13 address determined.^^^ ^ 

1 1^. A machine readable mecuoim having sbored thereon a data 

2 structure, the data structu]^^^li^5^)ing a^lurality of 

3 records, each of the records cVrtoris/ng: 

4 a) a first field f or Istoritig a layer 3 destination 

5 address ; and \ / \ 
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b) a second field for storing a layer 3 address of an 
egress access rouVer associated with layer 3 
destination addre^ of the first field, 

wherein the e4ress access router is a router at 
the edge of a network. 
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The machine readaole 



records further compri 
c) a third field f 



of claim 17, each of the 



3ing : 

ing a string of bits in the 
place of a layer 2 adtiress associated with the 
client device which sourced the virtual private 
network packet . 
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